@blamejs/core 0.16.0 → 0.16.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/bin/blamejs.js +2 -0
- package/index.js +2 -0
- package/lib/_test/crypto-fixtures.js +2 -0
- package/lib/a2a-tasks.js +2 -0
- package/lib/a2a.js +2 -0
- package/lib/acme.js +7 -1
- package/lib/agent-audit.js +2 -0
- package/lib/agent-envelope-mac.js +2 -0
- package/lib/agent-event-bus.js +2 -0
- package/lib/agent-idempotency.js +2 -0
- package/lib/agent-orchestrator.js +2 -0
- package/lib/agent-posture-chain.js +2 -0
- package/lib/agent-saga.js +2 -0
- package/lib/agent-snapshot.js +2 -0
- package/lib/agent-stream.js +2 -0
- package/lib/agent-tenant.js +2 -0
- package/lib/agent-trace.js +2 -0
- package/lib/ai-adverse-decision.js +2 -0
- package/lib/ai-aedt-bias-audit.js +2 -0
- package/lib/ai-capability.js +2 -0
- package/lib/ai-content-detect.js +2 -0
- package/lib/ai-disclosure.js +2 -0
- package/lib/ai-dp.js +2 -0
- package/lib/ai-frontier-protocol.js +2 -0
- package/lib/ai-input.js +2 -0
- package/lib/ai-model-manifest.js +2 -0
- package/lib/ai-output.js +2 -0
- package/lib/ai-pref.js +2 -0
- package/lib/ai-prompt.js +2 -0
- package/lib/ai-quota.js +2 -0
- package/lib/api-key.js +2 -0
- package/lib/api-snapshot.js +2 -0
- package/lib/app-shutdown.js +2 -0
- package/lib/app.js +2 -0
- package/lib/archive-adapters.js +2 -0
- package/lib/archive-entry-policy.js +2 -0
- package/lib/archive-gz.js +2 -0
- package/lib/archive-read.js +2 -0
- package/lib/archive-tar-read.js +2 -0
- package/lib/archive-tar.js +2 -0
- package/lib/archive-wrap.js +2 -0
- package/lib/archive.js +2 -0
- package/lib/arg-parser.js +2 -0
- package/lib/argon2-builtin.js +2 -0
- package/lib/asn1-der.js +2 -0
- package/lib/asyncapi-bindings.js +2 -0
- package/lib/asyncapi-traits.js +2 -0
- package/lib/asyncapi.js +2 -0
- package/lib/atomic-file.js +2 -0
- package/lib/audit-chain.js +2 -0
- package/lib/audit-daily-review.js +2 -0
- package/lib/audit-emit.js +2 -0
- package/lib/audit-sign.js +2 -0
- package/lib/audit-tools.js +2 -0
- package/lib/audit.js +2 -0
- package/lib/auth/aal.js +2 -0
- package/lib/auth/access-lock.js +2 -0
- package/lib/auth/acr-vocabulary.js +2 -0
- package/lib/auth/ato-kill-switch.js +2 -0
- package/lib/auth/auth-time-tracker.js +2 -0
- package/lib/auth/bot-challenge.js +2 -0
- package/lib/auth/ciba.js +2 -0
- package/lib/auth/dpop.js +2 -0
- package/lib/auth/elevation-grant.js +2 -0
- package/lib/auth/fal.js +2 -0
- package/lib/auth/fido-mds3.js +2 -0
- package/lib/auth/jar.js +2 -0
- package/lib/auth/jwt-external.js +2 -0
- package/lib/auth/jwt.js +2 -0
- package/lib/auth/lockout.js +2 -0
- package/lib/auth/oauth.js +84 -17
- package/lib/auth/oid4vci.js +2 -0
- package/lib/auth/oid4vp.js +2 -0
- package/lib/auth/openid-federation.js +2 -0
- package/lib/auth/passkey.js +2 -0
- package/lib/auth/password.js +2 -0
- package/lib/auth/saml.js +30 -5
- package/lib/auth/sd-jwt-vc-disclosure.js +2 -0
- package/lib/auth/sd-jwt-vc-holder.js +2 -0
- package/lib/auth/sd-jwt-vc-issuer.js +2 -0
- package/lib/auth/sd-jwt-vc.js +2 -0
- package/lib/auth/status-list.js +2 -0
- package/lib/auth/step-up-policy.js +2 -0
- package/lib/auth/step-up.js +2 -0
- package/lib/auth-bot-challenge.js +2 -0
- package/lib/auth-header.js +2 -0
- package/lib/backup/bundle.js +2 -0
- package/lib/backup/crypto.js +2 -0
- package/lib/backup/index.js +14 -0
- package/lib/backup/manifest.js +2 -0
- package/lib/base32.js +2 -0
- package/lib/boot-gates.js +2 -0
- package/lib/bounded-map.js +2 -0
- package/lib/breach-deadline.js +2 -0
- package/lib/break-glass.js +2 -0
- package/lib/budr.js +2 -0
- package/lib/bundler.js +2 -0
- package/lib/cache-redis.js +2 -0
- package/lib/cache-status.js +2 -0
- package/lib/cache.js +2 -0
- package/lib/calendar.js +2 -0
- package/lib/canonical-json.js +2 -0
- package/lib/cbor.js +2 -0
- package/lib/cdn-cache-control.js +2 -0
- package/lib/cert.js +2 -0
- package/lib/chain-writer.js +2 -0
- package/lib/circuit-breaker.js +2 -0
- package/lib/cli-helpers.js +2 -0
- package/lib/cli.js +57 -20
- package/lib/client-hints.js +2 -0
- package/lib/cloud-events.js +2 -0
- package/lib/cluster-provider-db.js +2 -0
- package/lib/cluster-storage.js +2 -0
- package/lib/cluster.js +2 -0
- package/lib/cms-codec.js +2 -0
- package/lib/codepoint-class.js +2 -0
- package/lib/compliance-ai-act-logging.js +2 -0
- package/lib/compliance-ai-act-prohibited.js +2 -0
- package/lib/compliance-ai-act-risk.js +2 -0
- package/lib/compliance-ai-act-transparency.js +2 -0
- package/lib/compliance-ai-act.js +2 -0
- package/lib/compliance-eaa.js +2 -0
- package/lib/compliance-sanctions-aliases.js +2 -0
- package/lib/compliance-sanctions-fetcher.js +2 -0
- package/lib/compliance-sanctions-fuzzy.js +2 -0
- package/lib/compliance-sanctions.js +2 -0
- package/lib/compliance.js +2 -0
- package/lib/config-drift.js +2 -0
- package/lib/config.js +2 -0
- package/lib/consent.js +2 -0
- package/lib/constants.js +2 -0
- package/lib/content-credentials.js +2 -0
- package/lib/content-digest.js +2 -0
- package/lib/cookies.js +2 -0
- package/lib/cose.js +2 -0
- package/lib/cra-report.js +2 -0
- package/lib/crdt.js +2 -0
- package/lib/credential-hash.js +2 -0
- package/lib/crypto-field.js +2 -0
- package/lib/crypto-hpke-pq.js +2 -0
- package/lib/crypto-hpke.js +2 -0
- package/lib/crypto-oprf.js +2 -0
- package/lib/crypto-xwing.js +2 -0
- package/lib/crypto.js +2 -0
- package/lib/csp.js +2 -0
- package/lib/csv.js +2 -0
- package/lib/cwt.js +2 -0
- package/lib/daemon.js +2 -0
- package/lib/dark-patterns.js +2 -0
- package/lib/data-act.js +2 -0
- package/lib/db-collection.js +2 -0
- package/lib/db-declare-row-policy.js +2 -0
- package/lib/db-declare-view.js +2 -0
- package/lib/db-file-lifecycle.js +2 -0
- package/lib/db-query.js +2 -0
- package/lib/db-role-context.js +2 -0
- package/lib/db-schema.js +2 -0
- package/lib/db.js +2 -0
- package/lib/dbsc.js +2 -0
- package/lib/ddl-change-control.js +2 -0
- package/lib/deprecate.js +2 -0
- package/lib/dev.js +2 -0
- package/lib/did.js +2 -0
- package/lib/dora.js +2 -0
- package/lib/dr-runbook.js +2 -0
- package/lib/dsa.js +2 -0
- package/lib/dsr.js +2 -0
- package/lib/dual-control.js +2 -0
- package/lib/early-hints.js +2 -0
- package/lib/eat.js +2 -0
- package/lib/error-page.js +2 -0
- package/lib/events.js +2 -0
- package/lib/external-db-migrate.js +2 -0
- package/lib/external-db.js +2 -0
- package/lib/fapi2.js +2 -0
- package/lib/fda-21cfr11.js +2 -0
- package/lib/fdx.js +2 -0
- package/lib/fedcm.js +2 -0
- package/lib/file-type.js +2 -0
- package/lib/file-upload.js +2 -0
- package/lib/flag-cache.js +2 -0
- package/lib/flag-evaluation-context.js +2 -0
- package/lib/flag-providers.js +2 -0
- package/lib/flag-targeting.js +2 -0
- package/lib/flag.js +2 -0
- package/lib/forms.js +2 -0
- package/lib/framework-error.js +2 -0
- package/lib/framework-files.js +2 -0
- package/lib/framework-schema.js +2 -0
- package/lib/framework-sha1-hibp.js +2 -0
- package/lib/fsm.js +2 -0
- package/lib/gate-contract.js +2 -0
- package/lib/gdpr-ropa.js +2 -0
- package/lib/graphql-federation.js +2 -0
- package/lib/guard-agent-registry.js +2 -0
- package/lib/guard-all.js +2 -0
- package/lib/guard-archive.js +2 -0
- package/lib/guard-auth.js +2 -0
- package/lib/guard-cidr.js +2 -0
- package/lib/guard-csv.js +2 -0
- package/lib/guard-domain.js +2 -0
- package/lib/guard-dsn.js +2 -0
- package/lib/guard-email.js +2 -0
- package/lib/guard-envelope.js +2 -0
- package/lib/guard-event-bus-payload.js +2 -0
- package/lib/guard-event-bus-topic.js +2 -0
- package/lib/guard-filename.js +2 -0
- package/lib/guard-graphql.js +2 -0
- package/lib/guard-html-wcag-aria.js +2 -0
- package/lib/guard-html-wcag-forms.js +2 -0
- package/lib/guard-html-wcag-tables.js +2 -0
- package/lib/guard-html-wcag-tagwalk.js +2 -0
- package/lib/guard-html-wcag.js +2 -0
- package/lib/guard-html.js +2 -0
- package/lib/guard-idempotency-key.js +2 -0
- package/lib/guard-image.js +2 -0
- package/lib/guard-imap-command.js +2 -0
- package/lib/guard-jmap.js +2 -0
- package/lib/guard-json.js +2 -0
- package/lib/guard-jsonpath.js +2 -0
- package/lib/guard-jwt.js +2 -0
- package/lib/guard-list-id.js +2 -0
- package/lib/guard-list-unsubscribe.js +2 -0
- package/lib/guard-mail-compose.js +2 -0
- package/lib/guard-mail-move.js +2 -0
- package/lib/guard-mail-query.js +2 -0
- package/lib/guard-mail-reply.js +2 -0
- package/lib/guard-mail-sieve.js +2 -0
- package/lib/guard-managesieve-command.js +2 -0
- package/lib/guard-markdown.js +2 -0
- package/lib/guard-message-id.js +2 -0
- package/lib/guard-mime.js +2 -0
- package/lib/guard-oauth.js +2 -0
- package/lib/guard-pdf.js +2 -0
- package/lib/guard-pop3-command.js +2 -0
- package/lib/guard-posture-chain.js +2 -0
- package/lib/guard-regex.js +2 -0
- package/lib/guard-saga-config.js +2 -0
- package/lib/guard-shell.js +2 -0
- package/lib/guard-smtp-command.js +2 -0
- package/lib/guard-snapshot-envelope.js +2 -0
- package/lib/guard-sql.js +2 -0
- package/lib/guard-stream-args.js +2 -0
- package/lib/guard-svg.js +2 -0
- package/lib/guard-template.js +2 -0
- package/lib/guard-tenant-id.js +2 -0
- package/lib/guard-text.js +2 -0
- package/lib/guard-time.js +2 -0
- package/lib/guard-trace-context.js +2 -0
- package/lib/guard-uuid.js +2 -0
- package/lib/guard-xml.js +2 -0
- package/lib/guard-yaml.js +2 -0
- package/lib/hal.js +2 -0
- package/lib/handlers.js +2 -0
- package/lib/honeytoken.js +2 -0
- package/lib/html-balance.js +2 -0
- package/lib/http-client-cache.js +2 -0
- package/lib/http-client-cookie-jar.js +2 -0
- package/lib/http-client.js +2 -0
- package/lib/http-message-signature.js +2 -0
- package/lib/http2-teardown.js +2 -0
- package/lib/i18n-messageformat.js +2 -0
- package/lib/i18n.js +2 -0
- package/lib/iab-mspa.js +2 -0
- package/lib/iab-tcf.js +2 -0
- package/lib/importmap-integrity.js +2 -0
- package/lib/inbox.js +2 -0
- package/lib/incident-report.js +2 -0
- package/lib/ip-utils.js +2 -0
- package/lib/jobs.js +2 -0
- package/lib/jose-jwe-experimental.js +2 -0
- package/lib/json-merge-patch.js +2 -0
- package/lib/json-patch.js +2 -0
- package/lib/json-path.js +2 -0
- package/lib/json-pointer.js +2 -0
- package/lib/json-schema.js +2 -0
- package/lib/jsonapi.js +2 -0
- package/lib/jtd.js +2 -0
- package/lib/jwk.js +2 -0
- package/lib/keychain.js +32 -10
- package/lib/lazy-require.js +2 -0
- package/lib/legal-hold.js +2 -0
- package/lib/link-header.js +2 -0
- package/lib/local-db-thin.js +2 -0
- package/lib/log-stream-cloudwatch.js +2 -0
- package/lib/log-stream-local.js +2 -0
- package/lib/log-stream-otlp-grpc.js +2 -0
- package/lib/log-stream-otlp.js +2 -0
- package/lib/log-stream-syslog.js +2 -0
- package/lib/log-stream-webhook.js +2 -0
- package/lib/log-stream.js +2 -0
- package/lib/log.js +2 -0
- package/lib/lro.js +2 -0
- package/lib/mail-agent.js +2 -0
- package/lib/mail-arc-reuse-token.js +2 -0
- package/lib/mail-arc-sign.js +2 -0
- package/lib/mail-arf.js +2 -0
- package/lib/mail-auth.js +7 -1
- package/lib/mail-bimi.js +2 -0
- package/lib/mail-bounce.js +2 -0
- package/lib/mail-crypto-pgp.js +2 -0
- package/lib/mail-crypto-smime.js +2 -0
- package/lib/mail-crypto.js +2 -0
- package/lib/mail-dav.js +2 -0
- package/lib/mail-deploy.js +2 -0
- package/lib/mail-dkim.js +2 -0
- package/lib/mail-greylist.js +2 -0
- package/lib/mail-helo.js +2 -0
- package/lib/mail-journal.js +2 -0
- package/lib/mail-mdn.js +2 -0
- package/lib/mail-rbl.js +2 -0
- package/lib/mail-require-tls.js +2 -0
- package/lib/mail-scan.js +2 -0
- package/lib/mail-send-deliver.js +2 -0
- package/lib/mail-server-imap.js +2 -0
- package/lib/mail-server-jmap.js +2 -0
- package/lib/mail-server-managesieve.js +2 -0
- package/lib/mail-server-mx.js +2 -0
- package/lib/mail-server-net.js +2 -0
- package/lib/mail-server-pop3.js +2 -0
- package/lib/mail-server-rate-limit.js +2 -0
- package/lib/mail-server-registry.js +2 -0
- package/lib/mail-server-submission.js +2 -0
- package/lib/mail-server-tls.js +2 -0
- package/lib/mail-sieve.js +2 -0
- package/lib/mail-spam-score.js +2 -0
- package/lib/mail-srs.js +2 -0
- package/lib/mail-store-fts.js +2 -0
- package/lib/mail-store.js +2 -0
- package/lib/mail-unsubscribe.js +2 -0
- package/lib/mail.js +2 -0
- package/lib/markup-escape.js +2 -0
- package/lib/markup-tokenizer.js +2 -0
- package/lib/mcp-tool-registry.js +2 -0
- package/lib/mcp.js +2 -0
- package/lib/mdoc.js +2 -0
- package/lib/metrics.js +2 -0
- package/lib/middleware/age-gate.js +2 -0
- package/lib/middleware/ai-act-disclosure.js +2 -0
- package/lib/middleware/api-encrypt.js +2 -0
- package/lib/middleware/assetlinks.js +2 -0
- package/lib/middleware/asyncapi-serve.js +2 -0
- package/lib/middleware/attach-user.js +2 -0
- package/lib/middleware/bearer-auth.js +2 -0
- package/lib/middleware/body-parser.js +2 -0
- package/lib/middleware/bot-disclose.js +2 -0
- package/lib/middleware/bot-guard.js +2 -0
- package/lib/middleware/clear-site-data.js +2 -0
- package/lib/middleware/compose-pipeline.js +2 -0
- package/lib/middleware/compression.js +2 -0
- package/lib/middleware/cookies.js +2 -0
- package/lib/middleware/cors.js +2 -0
- package/lib/middleware/csp-nonce.js +2 -0
- package/lib/middleware/csp-report.js +2 -0
- package/lib/middleware/csrf-protect.js +2 -0
- package/lib/middleware/daily-byte-quota.js +2 -0
- package/lib/middleware/db-role-for.js +2 -0
- package/lib/middleware/deny-response.js +2 -0
- package/lib/middleware/dpop.js +2 -0
- package/lib/middleware/error-handler.js +2 -0
- package/lib/middleware/fetch-metadata.js +2 -0
- package/lib/middleware/flag-context.js +2 -0
- package/lib/middleware/gpc.js +2 -0
- package/lib/middleware/headers.js +2 -0
- package/lib/middleware/health.js +2 -0
- package/lib/middleware/host-allowlist.js +2 -0
- package/lib/middleware/idempotency-key.js +2 -0
- package/lib/middleware/index.js +2 -0
- package/lib/middleware/nel.js +2 -0
- package/lib/middleware/network-allowlist.js +2 -0
- package/lib/middleware/no-cache.js +2 -0
- package/lib/middleware/openapi-serve.js +2 -0
- package/lib/middleware/protected-resource-metadata.js +2 -0
- package/lib/middleware/rate-limit.js +2 -0
- package/lib/middleware/request-id.js +2 -0
- package/lib/middleware/request-log.js +2 -0
- package/lib/middleware/require-aal.js +2 -0
- package/lib/middleware/require-auth.js +2 -0
- package/lib/middleware/require-bound-key.js +2 -0
- package/lib/middleware/require-content-type.js +2 -0
- package/lib/middleware/require-methods.js +2 -0
- package/lib/middleware/require-mtls.js +2 -0
- package/lib/middleware/require-step-up.js +2 -0
- package/lib/middleware/scim-server.js +2 -0
- package/lib/middleware/security-headers.js +2 -0
- package/lib/middleware/security-txt.js +2 -0
- package/lib/middleware/span-http-server.js +2 -0
- package/lib/middleware/speculation-rules.js +2 -0
- package/lib/middleware/sse.js +2 -0
- package/lib/middleware/trace-log-correlation.js +2 -0
- package/lib/middleware/trace-propagate.js +2 -0
- package/lib/middleware/tus-upload.js +2 -0
- package/lib/middleware/web-app-manifest.js +2 -0
- package/lib/migration-files.js +2 -0
- package/lib/migrations.js +2 -0
- package/lib/mime-parse.js +2 -0
- package/lib/module-loader.js +2 -0
- package/lib/money.js +2 -0
- package/lib/mtls-ca.js +2 -0
- package/lib/mtls-engine-default.js +2 -0
- package/lib/network-byte-quota.js +2 -0
- package/lib/network-dane.js +2 -0
- package/lib/network-dns-resolver.js +2 -0
- package/lib/network-dns.js +2 -0
- package/lib/network-dnssec.js +2 -0
- package/lib/network-heartbeat.js +2 -0
- package/lib/network-nts.js +2 -0
- package/lib/network-proxy.js +2 -0
- package/lib/network-smtp-policy.js +6 -1
- package/lib/network-tls.js +2 -0
- package/lib/network-tsig.js +2 -0
- package/lib/network.js +2 -0
- package/lib/nis2-report.js +2 -0
- package/lib/nist-crosswalk.js +2 -0
- package/lib/nonce-store.js +2 -0
- package/lib/notify.js +2 -0
- package/lib/ntp-check.js +2 -0
- package/lib/numeric-bounds.js +2 -0
- package/lib/numeric-checks.js +2 -0
- package/lib/object-store/azure-blob-bucket-ops.js +2 -0
- package/lib/object-store/azure-blob.js +2 -0
- package/lib/object-store/gcs-bucket-ops.js +2 -0
- package/lib/object-store/gcs.js +2 -0
- package/lib/object-store/http-put.js +2 -0
- package/lib/object-store/http-request.js +2 -0
- package/lib/object-store/index.js +2 -0
- package/lib/object-store/local.js +2 -0
- package/lib/object-store/sigv4-bucket-ops.js +2 -0
- package/lib/object-store/sigv4.js +2 -0
- package/lib/observability-otlp-exporter.js +2 -0
- package/lib/observability-tracer.js +2 -0
- package/lib/observability.js +2 -0
- package/lib/openapi-paths-builder.js +2 -0
- package/lib/openapi-schema-walk.js +2 -0
- package/lib/openapi-security.js +2 -0
- package/lib/openapi-yaml.js +2 -0
- package/lib/openapi.js +2 -0
- package/lib/otel-export.js +2 -0
- package/lib/outbox.js +2 -0
- package/lib/pagination.js +2 -0
- package/lib/parsers/index.js +2 -0
- package/lib/parsers/safe-env.js +2 -0
- package/lib/parsers/safe-ini.js +2 -0
- package/lib/parsers/safe-toml.js +2 -0
- package/lib/parsers/safe-xml.js +2 -0
- package/lib/parsers/safe-yaml.js +2 -0
- package/lib/permissions.js +2 -0
- package/lib/pick.js +2 -0
- package/lib/pipl-cn.js +2 -0
- package/lib/pqc-agent.js +2 -0
- package/lib/pqc-gate.js +2 -0
- package/lib/pqc-software.js +2 -0
- package/lib/privacy-pass.js +2 -0
- package/lib/privacy.js +2 -0
- package/lib/problem-details.js +2 -0
- package/lib/process-spawn.js +2 -0
- package/lib/promise-pool.js +2 -0
- package/lib/protobuf-encoder.js +2 -0
- package/lib/protocol-dispatcher.js +2 -0
- package/lib/public-suffix.js +2 -0
- package/lib/pubsub-cluster.js +2 -0
- package/lib/pubsub-redis.js +2 -0
- package/lib/pubsub.js +2 -0
- package/lib/queue-local.js +2 -0
- package/lib/queue-redis.js +2 -0
- package/lib/queue-sqs.js +2 -0
- package/lib/queue.js +2 -0
- package/lib/redact.js +2 -0
- package/lib/redis-client.js +2 -0
- package/lib/render.js +2 -0
- package/lib/request-helpers.js +2 -0
- package/lib/resource-access-lock.js +2 -0
- package/lib/restore-bundle.js +2 -0
- package/lib/restore-rollback.js +2 -0
- package/lib/restore.js +2 -0
- package/lib/retention.js +2 -0
- package/lib/retry.js +2 -0
- package/lib/rfc3339.js +2 -0
- package/lib/router.js +83 -18
- package/lib/safe-archive.js +2 -0
- package/lib/safe-async.js +2 -0
- package/lib/safe-buffer.js +2 -0
- package/lib/safe-decompress.js +2 -0
- package/lib/safe-dns.js +2 -0
- package/lib/safe-ical.js +2 -0
- package/lib/safe-icap.js +2 -0
- package/lib/safe-json.js +2 -0
- package/lib/safe-jsonpath.js +2 -0
- package/lib/safe-mime.js +2 -0
- package/lib/safe-mount-info.js +2 -0
- package/lib/safe-path.js +2 -0
- package/lib/safe-redirect.js +2 -0
- package/lib/safe-schema.js +2 -0
- package/lib/safe-sieve.js +2 -0
- package/lib/safe-smtp.js +2 -0
- package/lib/safe-sql.js +2 -0
- package/lib/safe-url.js +2 -0
- package/lib/safe-vcard.js +2 -0
- package/lib/sandbox-worker.js +2 -0
- package/lib/sandbox.js +2 -0
- package/lib/scheduler.js +2 -0
- package/lib/scitt.js +2 -0
- package/lib/sd-notify.js +2 -0
- package/lib/sec-cyber.js +2 -0
- package/lib/security-assert.js +2 -0
- package/lib/seeders.js +2 -0
- package/lib/self-update-standalone-verifier.js +2 -0
- package/lib/self-update.js +2 -0
- package/lib/server-timing.js +2 -0
- package/lib/session-device-binding.js +2 -0
- package/lib/session-stores.js +2 -0
- package/lib/session.js +2 -0
- package/lib/slug.js +2 -0
- package/lib/sql.js +2 -0
- package/lib/sse.js +2 -0
- package/lib/ssrf-guard.js +2 -0
- package/lib/standard-webhooks.js +2 -0
- package/lib/static.js +2 -0
- package/lib/storage.js +2 -0
- package/lib/stream-throttle.js +2 -0
- package/lib/structured-fields.js +2 -0
- package/lib/subject.js +2 -0
- package/lib/tcpa-10dlc.js +2 -0
- package/lib/template.js +2 -0
- package/lib/tenant-quota.js +2 -0
- package/lib/test-harness.js +2 -0
- package/lib/testing.js +2 -0
- package/lib/time.js +2 -0
- package/lib/tls-exporter.js +2 -0
- package/lib/totp.js +2 -0
- package/lib/tracing.js +2 -0
- package/lib/tsa.js +2 -0
- package/lib/uri-template.js +2 -0
- package/lib/uuid.js +2 -0
- package/lib/validate-opts.js +2 -0
- package/lib/vault/index.js +2 -0
- package/lib/vault/passphrase-ops.js +2 -0
- package/lib/vault/passphrase-source.js +2 -0
- package/lib/vault/rotate.js +2 -0
- package/lib/vault/seal-pem-file.js +2 -0
- package/lib/vault/wrap.js +2 -0
- package/lib/vault-aad.js +2 -0
- package/lib/vc.js +2 -0
- package/lib/vendor-data.js +2 -0
- package/lib/vex.js +2 -0
- package/lib/watcher.js +2 -0
- package/lib/web-push-vapid.js +2 -0
- package/lib/webhook-dispatcher.js +2 -0
- package/lib/webhook.js +2 -0
- package/lib/websocket-channels.js +2 -0
- package/lib/websocket.js +2 -0
- package/lib/wiki-concepts.js +2 -0
- package/lib/worker-pool.js +2 -0
- package/lib/worm.js +2 -0
- package/lib/ws-client.js +2 -0
- package/lib/x509-chain.js +2 -0
- package/lib/xml-c14n.js +2 -0
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
package/lib/auth/oauth.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* oauth — OAuth 2 / OIDC client.
|
|
@@ -959,7 +961,11 @@ async function verifyClientAttestation(attestationJwt, popJwt, vopts) {
|
|
|
959
961
|
throw new OAuthError("auth-oauth/attestation-pop-seen-callback-failed",
|
|
960
962
|
"client-attestation-pop: seenJti() callback threw: " + ((e && e.message) || String(e)));
|
|
961
963
|
}
|
|
962
|
-
|
|
964
|
+
// Fail closed on ANY non-truthy result. The contract is "returns truthy
|
|
965
|
+
// when UNSEEN"; an operator store fronting Redis EXISTS / SISMEMBER or a
|
|
966
|
+
// SQL COUNT returns 0 (falsy, not `false`) on a replay, so an
|
|
967
|
+
// `=== false` comparison would miss it and accept the replayed PoP.
|
|
968
|
+
if (!unseen) {
|
|
963
969
|
throw new OAuthError("auth-oauth/attestation-pop-replay",
|
|
964
970
|
"client-attestation-pop: jti already seen (replay refused, draft §12.1)");
|
|
965
971
|
}
|
|
@@ -980,6 +986,47 @@ function _constantTimeStrEq(a, b) {
|
|
|
980
986
|
return cryptoTimingSafeEqual(a, b);
|
|
981
987
|
}
|
|
982
988
|
|
|
989
|
+
// Framework-managed authorization-request parameters. Operator-supplied
|
|
990
|
+
// extraParams may not carry any of these — the builder generates them and
|
|
991
|
+
// RETURNS the security-critical ones (state, PKCE verifier/challenge) to the
|
|
992
|
+
// caller, so an extraParams override would silently diverge the returned
|
|
993
|
+
// values from what the URL/PAR body actually carries (a broken CSRF / PKCE
|
|
994
|
+
// binding). Covers redirect target, client identity, requested response,
|
|
995
|
+
// scope, state, nonce, PKCE challenge, response mode, RAR details, and the
|
|
996
|
+
// JAR request container.
|
|
997
|
+
var RESERVED_AUTHZ_PARAMS = {
|
|
998
|
+
"response_type": 1,
|
|
999
|
+
"client_id": 1,
|
|
1000
|
+
"redirect_uri": 1,
|
|
1001
|
+
"scope": 1,
|
|
1002
|
+
"state": 1,
|
|
1003
|
+
"nonce": 1,
|
|
1004
|
+
"code_challenge": 1,
|
|
1005
|
+
"code_challenge_method": 1,
|
|
1006
|
+
"response_mode": 1,
|
|
1007
|
+
"authorization_details": 1,
|
|
1008
|
+
"request": 1,
|
|
1009
|
+
"request_uri": 1,
|
|
1010
|
+
};
|
|
1011
|
+
|
|
1012
|
+
// Refuse operator-supplied extraParams keys that collide with a framework-
|
|
1013
|
+
// managed parameter. extraParams is operator-controlled, so a collision is a
|
|
1014
|
+
// config-time bug (a library merge / copy-paste) — refuse it loudly rather
|
|
1015
|
+
// than let it shadow a value the framework generated and returned. Fail
|
|
1016
|
+
// closed; shared by authorizationUrl, pushAuthorizationRequest, and
|
|
1017
|
+
// endSessionUrl so every URL/PAR builder guards the same way.
|
|
1018
|
+
function _assertNoReservedExtraParams(extraParams, reserved, errCode, ctx) {
|
|
1019
|
+
if (!extraParams || typeof extraParams !== "object") return;
|
|
1020
|
+
var ek = Object.keys(extraParams);
|
|
1021
|
+
for (var i = 0; i < ek.length; i++) {
|
|
1022
|
+
if (Object.prototype.hasOwnProperty.call(reserved, ek[i])) {
|
|
1023
|
+
throw new OAuthError(errCode,
|
|
1024
|
+
ctx + ": extraParams key '" + ek[i] + "' collides with a " +
|
|
1025
|
+
"framework-managed parameter — pass it through the named option instead");
|
|
1026
|
+
}
|
|
1027
|
+
}
|
|
1028
|
+
}
|
|
1029
|
+
|
|
983
1030
|
// ---- core ----
|
|
984
1031
|
|
|
985
1032
|
function create(opts) {
|
|
@@ -1259,7 +1306,14 @@ function create(opts) {
|
|
|
1259
1306
|
params.set("authorization_details", JSON.stringify(requestedAuthzDetails));
|
|
1260
1307
|
}
|
|
1261
1308
|
// Operator-supplied additional params (audience, resource, etc.).
|
|
1309
|
+
// Refuse keys that collide with a framework-managed parameter so an
|
|
1310
|
+
// operator typo / library-merge can't shadow the redirect_uri / state /
|
|
1311
|
+
// code_challenge the builder generated and returned — which would
|
|
1312
|
+
// silently diverge the returned {state, verifier} from the URL and
|
|
1313
|
+
// break the CSRF / PKCE binding.
|
|
1262
1314
|
if (uopts.extraParams && typeof uopts.extraParams === "object") {
|
|
1315
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
|
|
1316
|
+
"auth-oauth/reserved-extra-param", "authorizationUrl");
|
|
1263
1317
|
var ek = Object.keys(uopts.extraParams);
|
|
1264
1318
|
for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
1265
1319
|
}
|
|
@@ -1371,23 +1425,30 @@ function create(opts) {
|
|
|
1371
1425
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
1372
1426
|
"refreshAccessToken: checkAndInsert() callback threw: " + ((e && e.message) || String(e)));
|
|
1373
1427
|
}
|
|
1374
|
-
// Spec contract:
|
|
1375
|
-
// inserted
|
|
1376
|
-
// broke every first refresh attempt for operators reusing an
|
|
1377
|
-
// existing b.nonceStore-style backend.
|
|
1378
|
-
|
|
1428
|
+
// Spec contract: a TRUTHY result → first sighting (the value was
|
|
1429
|
+
// inserted, OK); a FALSY result → replay. v0.9.3 had this inverted,
|
|
1430
|
+
// which broke every first refresh attempt for operators reusing an
|
|
1431
|
+
// existing b.nonceStore-style backend. Test truthiness, not an
|
|
1432
|
+
// `=== false` literal: a store fronting Redis SETNX / SQL INSERT
|
|
1433
|
+
// returns 0 (falsy, not `false`) when the row already existed, so
|
|
1434
|
+
// an exact-literal compare would miss the replay and fail OPEN.
|
|
1435
|
+
alreadySeen = !inserted;
|
|
1379
1436
|
} else if (typeof ropts.seen === "function") {
|
|
1380
1437
|
// Legacy non-atomic path. Documented as a check-then-act race;
|
|
1381
1438
|
// operators sharing a single-writer store (Redis SETNX, DB
|
|
1382
1439
|
// INSERT ON CONFLICT) MUST migrate to checkAndInsert. Stays
|
|
1383
1440
|
// here for backwards-compat with existing operator code.
|
|
1441
|
+
// Legacy contract: truthy → the token was presented before (replay).
|
|
1442
|
+
// The value is used by truthiness at the gate below, so a store
|
|
1443
|
+
// returning 1 from Redis EXISTS / a SQL COUNT is honored as "seen"
|
|
1444
|
+
// instead of being missed by an `=== true` literal compare.
|
|
1384
1445
|
try { alreadySeen = await ropts.seen(refreshToken); }
|
|
1385
1446
|
catch (e) {
|
|
1386
1447
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
1387
1448
|
"refreshAccessToken: seen() callback threw: " + ((e && e.message) || String(e)));
|
|
1388
1449
|
}
|
|
1389
1450
|
}
|
|
1390
|
-
if (alreadySeen
|
|
1451
|
+
if (alreadySeen) {
|
|
1391
1452
|
throw new OAuthError("auth-oauth/refresh-token-replay",
|
|
1392
1453
|
"refreshAccessToken: refresh token has been presented before — refused " +
|
|
1393
1454
|
"(OAuth 2.1 §6.1 / RFC 9700 §4.13 one-time-use defense). The operator MUST " +
|
|
@@ -2010,15 +2071,10 @@ function create(opts) {
|
|
|
2010
2071
|
"ui_locales": 1,
|
|
2011
2072
|
"client_id": 1,
|
|
2012
2073
|
};
|
|
2074
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_END_SESSION_PARAMS,
|
|
2075
|
+
"auth-oauth/end-session-reserved-extra-param", "endSessionUrl");
|
|
2013
2076
|
var ek = Object.keys(uopts.extraParams);
|
|
2014
|
-
for (var i = 0; i < ek.length; i++)
|
|
2015
|
-
if (RESERVED_END_SESSION_PARAMS[ek[i]]) {
|
|
2016
|
-
throw new OAuthError("auth-oauth/end-session-reserved-extra-param",
|
|
2017
|
-
"endSessionUrl: extraParams key '" + ek[i] + "' collides with a first-class " +
|
|
2018
|
-
"RP-Init Logout parameter — pass it through the named field instead");
|
|
2019
|
-
}
|
|
2020
|
-
params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
2021
|
-
}
|
|
2077
|
+
for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
|
|
2022
2078
|
}
|
|
2023
2079
|
var qs = params.toString();
|
|
2024
2080
|
if (qs.length === 0) return endpoint;
|
|
@@ -2106,6 +2162,11 @@ function create(opts) {
|
|
|
2106
2162
|
: JSON.stringify(requestedAuthzDetails); // form param — JSON string
|
|
2107
2163
|
}
|
|
2108
2164
|
if (uopts.extraParams && typeof uopts.extraParams === "object") {
|
|
2165
|
+
// Same reserved-key guard as authorizationUrl — a PAR request pushes
|
|
2166
|
+
// the identical security-critical parameter set, so extraParams may
|
|
2167
|
+
// not shadow redirect_uri / state / code_challenge here either.
|
|
2168
|
+
_assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
|
|
2169
|
+
"auth-oauth/reserved-extra-param", "pushAuthorizationRequest");
|
|
2109
2170
|
var ek = Object.keys(uopts.extraParams);
|
|
2110
2171
|
for (var i = 0; i < ek.length; i++) authzParams[ek[i]] = String(uopts.extraParams[ek[i]]);
|
|
2111
2172
|
}
|
|
@@ -2352,7 +2413,10 @@ function create(opts) {
|
|
|
2352
2413
|
"verifyBackchannelLogoutToken: atomicReplayStore.checkAndInsert threw: " +
|
|
2353
2414
|
((e && e.message) || String(e)));
|
|
2354
2415
|
}
|
|
2355
|
-
|
|
2416
|
+
// Fail closed on ANY non-truthy result. A store fronting SETNX / an
|
|
2417
|
+
// ON-CONFLICT INSERT returns 0 (falsy, not `false`) on a duplicate,
|
|
2418
|
+
// so an `=== false` compare would miss the replay.
|
|
2419
|
+
if (!inserted) {
|
|
2356
2420
|
throw new OAuthError("auth-oauth/logout-token-replay",
|
|
2357
2421
|
"verifyBackchannelLogoutToken: jti '" + claims.jti +
|
|
2358
2422
|
"' already seen — replay refused (atomic)");
|
|
@@ -2368,7 +2432,10 @@ function create(opts) {
|
|
|
2368
2432
|
throw new OAuthError("auth-oauth/seen-callback-failed",
|
|
2369
2433
|
"verifyBackchannelLogoutToken: seen() callback threw: " + ((e && e.message) || String(e)));
|
|
2370
2434
|
}
|
|
2371
|
-
|
|
2435
|
+
// Fail closed on ANY non-truthy result — `seen()` returns truthy the
|
|
2436
|
+
// first time it sees the (jti, iss) pair; a store returning 0 for a
|
|
2437
|
+
// duplicate must still refuse, which an `=== false` compare would miss.
|
|
2438
|
+
if (!first) {
|
|
2372
2439
|
throw new OAuthError("auth-oauth/logout-token-replay",
|
|
2373
2440
|
"verifyBackchannelLogoutToken: jti already seen — replay refused");
|
|
2374
2441
|
}
|
package/lib/auth/oid4vci.js
CHANGED
package/lib/auth/oid4vp.js
CHANGED
package/lib/auth/passkey.js
CHANGED
package/lib/auth/password.js
CHANGED
package/lib/auth/saml.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* @module b.auth.saml
|
|
@@ -1050,7 +1052,7 @@ function create(opts) {
|
|
|
1050
1052
|
"parseLogoutRequest: inflate failed: " + ((e && e.message) || String(e)));
|
|
1051
1053
|
}
|
|
1052
1054
|
// Verify the redirect-binding signature when an IdP key is supplied.
|
|
1053
|
-
if (vopts.idpVerifyKey) {
|
|
1055
|
+
if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutRequest")) {
|
|
1054
1056
|
if (typeof vopts.queryString !== "string") {
|
|
1055
1057
|
throw new AuthError("auth-saml/no-query-string",
|
|
1056
1058
|
"parseLogoutRequest: idpVerifyKey requires queryString (raw URL query)");
|
|
@@ -1238,7 +1240,7 @@ function create(opts) {
|
|
|
1238
1240
|
throw new AuthError("auth-saml/bad-saml-response",
|
|
1239
1241
|
"parseLogoutResponse: inflate failed: " + ((e && e.message) || String(e)));
|
|
1240
1242
|
}
|
|
1241
|
-
if (vopts.idpVerifyKey) {
|
|
1243
|
+
if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutResponse")) {
|
|
1242
1244
|
if (typeof vopts.queryString !== "string") {
|
|
1243
1245
|
throw new AuthError("auth-saml/no-query-string",
|
|
1244
1246
|
"parseLogoutResponse: idpVerifyKey requires queryString");
|
|
@@ -1410,7 +1412,7 @@ function create(opts) {
|
|
|
1410
1412
|
"parseLogoutRequestPost: samlRequestB64 must be a non-empty string");
|
|
1411
1413
|
}
|
|
1412
1414
|
var xml = Buffer.from(samlRequestB64, "base64").toString("utf8");
|
|
1413
|
-
if (vopts.idpVerifyKey
|
|
1415
|
+
if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutRequestPost")) {
|
|
1414
1416
|
_verifyEmbeddedXmlDsig(xml, vopts.idpVerifyKey, vopts.idpVerifyAlg, "LogoutRequest");
|
|
1415
1417
|
}
|
|
1416
1418
|
var c14n = xmlC14n();
|
|
@@ -1532,7 +1534,7 @@ function create(opts) {
|
|
|
1532
1534
|
"parseLogoutResponseSoap: soap:Body is empty");
|
|
1533
1535
|
}
|
|
1534
1536
|
var innerXml = Buffer.from(c14n.canonicalize(inner)).toString("utf8");
|
|
1535
|
-
if (vopts.idpVerifyKey
|
|
1537
|
+
if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutResponseSoap")) {
|
|
1536
1538
|
_verifyEmbeddedXmlDsig(innerXml, vopts.idpVerifyKey, vopts.idpVerifyAlg, "LogoutResponse");
|
|
1537
1539
|
}
|
|
1538
1540
|
var innerLocal = inner.name.split(":").pop();
|
|
@@ -1864,8 +1866,31 @@ function _embedXmlDsig(bodyXml, refId, signingKey, signingAlg) {
|
|
|
1864
1866
|
return bodyXml.substring(0, splitAt) + sigEl + bodyXml.substring(splitAt);
|
|
1865
1867
|
}
|
|
1866
1868
|
|
|
1869
|
+
// SLO verification-config gate. Presence of EITHER idpVerifyKey or
|
|
1870
|
+
// idpVerifyAlg signals the operator intends to verify the inbound
|
|
1871
|
+
// message; a half-supplied pair is a configuration error, never a
|
|
1872
|
+
// license to skip the signature check. Returns true when both are
|
|
1873
|
+
// present (verify), false when neither is (verification not requested),
|
|
1874
|
+
// and throws — fail closed — when exactly one is present, so a
|
|
1875
|
+
// fat-fingered verifier can never silently accept a forged, unsigned
|
|
1876
|
+
// LogoutRequest / LogoutResponse. Every SLO parse path (HTTP-Redirect,
|
|
1877
|
+
// HTTP-POST, SOAP) routes its verify decision through this one gate so
|
|
1878
|
+
// the redirect and back-channel bindings agree on fail-closed behavior.
|
|
1879
|
+
function _verifyConfig(idpVerifyKey, idpVerifyAlg, ctx) {
|
|
1880
|
+
if (!idpVerifyKey && !idpVerifyAlg) return false;
|
|
1881
|
+
if (!idpVerifyKey) {
|
|
1882
|
+
throw new AuthError("auth-saml/no-verify-key",
|
|
1883
|
+
ctx + ": idpVerifyAlg supplied without idpVerifyKey — verification cannot proceed");
|
|
1884
|
+
}
|
|
1885
|
+
if (!idpVerifyAlg) {
|
|
1886
|
+
throw new AuthError("auth-saml/no-verify-alg",
|
|
1887
|
+
ctx + ": idpVerifyKey supplied without idpVerifyAlg (alg is required when key is supplied)");
|
|
1888
|
+
}
|
|
1889
|
+
return true;
|
|
1890
|
+
}
|
|
1891
|
+
|
|
1867
1892
|
function _verifyEmbeddedXmlDsig(xml, idpVerifyKey, idpVerifyAlg, expectedRootLocal) {
|
|
1868
|
-
if (!idpVerifyKey
|
|
1893
|
+
if (!_verifyConfig(idpVerifyKey, idpVerifyAlg, "_verifyEmbeddedXmlDsig")) return;
|
|
1869
1894
|
var sigAlgUrn = _sigAlgUrn(idpVerifyAlg);
|
|
1870
1895
|
if (!sigAlgUrn) {
|
|
1871
1896
|
throw new AuthError("auth-saml/bad-verify-alg",
|
package/lib/auth/sd-jwt-vc.js
CHANGED
package/lib/auth/status-list.js
CHANGED
package/lib/auth/step-up.js
CHANGED
package/lib/auth-header.js
CHANGED
package/lib/backup/bundle.js
CHANGED
package/lib/backup/crypto.js
CHANGED
package/lib/backup/index.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* @module b.backup
|
|
@@ -1176,7 +1178,19 @@ function bundleAdapterStorage(opts) {
|
|
|
1176
1178
|
"the adapter — the wrap layer composes only with tar / tar.gz bundles. Per-file " +
|
|
1177
1179
|
"encryption for directory format is a future patch alongside the _crypto-base.js refactor.");
|
|
1178
1180
|
}
|
|
1181
|
+
// Mirror create()'s ambient-posture read (see the create() encryption
|
|
1182
|
+
// gate above): an explicit opts.posture wins, but when it is unset the
|
|
1183
|
+
// globally-pinned compliance posture (b.compliance.set(...)) still drives
|
|
1184
|
+
// the encryption-required gate. Without this fallback a deployment that
|
|
1185
|
+
// pins HIPAA / PCI-DSS once and constructs the store with the documented
|
|
1186
|
+
// default ({ adapter }, cryptoStrategy defaulting to "none") slips a
|
|
1187
|
+
// plaintext bundle store past a gate create() enforces on encrypt:false —
|
|
1188
|
+
// an asymmetric fail-open under the same regulated posture.
|
|
1179
1189
|
var posture = opts.posture;
|
|
1190
|
+
if (posture === undefined || posture === null) {
|
|
1191
|
+
try { posture = compliance().current(); }
|
|
1192
|
+
catch (_e) { posture = null; } // compliance optional at construction time
|
|
1193
|
+
}
|
|
1180
1194
|
if (posture && BACKUP_ENCRYPTION_REQUIRED_POSTURES.indexOf(posture) !== -1) {
|
|
1181
1195
|
if (cryptoStrategy === "none") {
|
|
1182
1196
|
throw new BackupError("backup/posture-requires-encryption",
|
package/lib/backup/manifest.js
CHANGED
package/lib/base32.js
CHANGED
package/lib/boot-gates.js
CHANGED
package/lib/bounded-map.js
CHANGED
package/lib/breach-deadline.js
CHANGED
package/lib/break-glass.js
CHANGED
package/lib/budr.js
CHANGED
package/lib/bundler.js
CHANGED
package/lib/cache-redis.js
CHANGED
package/lib/cache-status.js
CHANGED
package/lib/cache.js
CHANGED
package/lib/calendar.js
CHANGED
package/lib/canonical-json.js
CHANGED
package/lib/cbor.js
CHANGED
package/lib/cdn-cache-control.js
CHANGED
package/lib/cert.js
CHANGED
package/lib/chain-writer.js
CHANGED
package/lib/circuit-breaker.js
CHANGED
package/lib/cli-helpers.js
CHANGED
package/lib/cli.js
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
2
|
+
// Copyright (c) blamejs contributors
|
|
1
3
|
"use strict";
|
|
2
4
|
/**
|
|
3
5
|
* cli — the engine behind `blamejs` on the command line.
|
|
@@ -346,6 +348,44 @@ function _coerceList(val) {
|
|
|
346
348
|
return Array.isArray(val) ? val.slice() : [val];
|
|
347
349
|
}
|
|
348
350
|
|
|
351
|
+
// Compile one operator-supplied `dev --ignore` pattern to a RegExp,
|
|
352
|
+
// refusing (with a CliError the caller converts to exit 2) any pattern
|
|
353
|
+
// that is over-length, a ReDoS catastrophic-backtracking shape, or one
|
|
354
|
+
// RegExp() itself can't compile. Every refusal shape raises the same
|
|
355
|
+
// CliError type so a single caller-side catch takes the standard
|
|
356
|
+
// exit-2 + stderr path.
|
|
357
|
+
function _compileIgnorePattern(s) {
|
|
358
|
+
var str = String(s);
|
|
359
|
+
if (str.length > MAX_IGNORE_PATTERN_LENGTH) {
|
|
360
|
+
throw new CliError("cli/bad-ignore-pattern",
|
|
361
|
+
"blamejs dev: --ignore pattern exceeds max length " +
|
|
362
|
+
MAX_IGNORE_PATTERN_LENGTH + " (got " + str.length + ")");
|
|
363
|
+
}
|
|
364
|
+
// ReDoS / catastrophic-backtracking defense — refuses nested-quant
|
|
365
|
+
// (CVE-2024-21538 class), consecutive-* (CVE-2026-26996), nested
|
|
366
|
+
// extglob (CVE-2026-33671), and lookaround-quant shapes before the
|
|
367
|
+
// pattern reaches RegExp(). Operator typo / hostile-input identical
|
|
368
|
+
// shape from here on — both want the same refusal.
|
|
369
|
+
try {
|
|
370
|
+
guardRegex.sanitize(str, { profile: "strict" });
|
|
371
|
+
} catch (e) {
|
|
372
|
+
throw new CliError("cli/bad-ignore-pattern",
|
|
373
|
+
"blamejs dev: --ignore pattern refused by guardRegex: " +
|
|
374
|
+
((e && e.message) || String(e)));
|
|
375
|
+
}
|
|
376
|
+
// A pattern that clears the ReDoS screen can still be un-compilable
|
|
377
|
+
// (unbalanced group, dangling quantifier). RegExp() throws a
|
|
378
|
+
// SyntaxError here — route it through the same refusal, not up to a
|
|
379
|
+
// main() rejection.
|
|
380
|
+
try {
|
|
381
|
+
return RegExp(str);
|
|
382
|
+
} catch (e) {
|
|
383
|
+
throw new CliError("cli/bad-ignore-pattern",
|
|
384
|
+
"blamejs dev: --ignore pattern is not a valid regular expression: " +
|
|
385
|
+
((e && e.message) || String(e)));
|
|
386
|
+
}
|
|
387
|
+
}
|
|
388
|
+
|
|
349
389
|
async function _runDev(args, ctx) {
|
|
350
390
|
if (args.flags.help || args.flags.h) {
|
|
351
391
|
_writeLine(ctx.stdout, DEV_USAGE);
|
|
@@ -359,27 +399,24 @@ async function _runDev(args, ctx) {
|
|
|
359
399
|
}
|
|
360
400
|
var argList = _coerceList(args.flags.arg).map(String);
|
|
361
401
|
var watchList = _coerceList(args.flags.watch).map(String);
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
throw new CliError("cli/bad-ignore-pattern",
|
|
378
|
-
"blamejs dev: --ignore pattern refused by guardRegex: " +
|
|
379
|
-
((e && e.message) || String(e)));
|
|
402
|
+
// --ignore validation is operator-input validation, not an internal
|
|
403
|
+
// fault: a refused pattern must take the same exit-2 + stderr path
|
|
404
|
+
// every other dev flag uses, never reject main()'s awaited promise
|
|
405
|
+
// (the bin shim would surface a rejection as a stack trace + exit 1).
|
|
406
|
+
// The per-pattern helper raises a CliError for the three refusal
|
|
407
|
+
// shapes — over-length, guardRegex-refused, and an un-compilable
|
|
408
|
+
// RegExp — and the catch below converts any of them to the standard
|
|
409
|
+
// refusal path; a non-CliError (a genuine internal fault) re-throws.
|
|
410
|
+
var ignoreList;
|
|
411
|
+
try {
|
|
412
|
+
ignoreList = _coerceList(args.flags.ignore).map(_compileIgnorePattern);
|
|
413
|
+
} catch (e) {
|
|
414
|
+
if (e && e.isCliError) {
|
|
415
|
+
_writeLine(ctx.stderr, e.message || String(e));
|
|
416
|
+
return 2;
|
|
380
417
|
}
|
|
381
|
-
|
|
382
|
-
}
|
|
418
|
+
throw e;
|
|
419
|
+
}
|
|
383
420
|
var graceMs = args.flags["grace-ms"] !== undefined ? Number(args.flags["grace-ms"]) : undefined;
|
|
384
421
|
if (graceMs !== undefined && (!Number.isFinite(graceMs) || graceMs < 0)) {
|
|
385
422
|
_writeLine(ctx.stderr, "blamejs dev: --grace-ms must be a non-negative number");
|
package/lib/client-hints.js
CHANGED
package/lib/cloud-events.js
CHANGED